• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.04a
• /
• pp.1489-1492
• /
• 2009

현대 사회는 IT 기술의 발전과 인터넷 및 디바이스의 발전으로 인해 다양한 기술이 융합된 컨버전스 현상이 급진전되고 있으며, 방송과 통신의 융합 흐름은 더욱 가속화될 전망을 보이고 있으며, 특히 현재 제공되고 있는 IPTV(Internet Protocol Television) 서비스를 통해 빠른 성장세를 보이고 있다. 그러나 이와 같은 IPTV는 기존 IP 네트워크 기반으로 서비스를 제공하고 있으며, 이는 이전의 사이버공격 기술이 그대로 적용될 수 있는 문제점을 내포하고 있다. 따라서 본 연구에서는 IPTV 실시간 방송 서비스 환경에서 AAA 서버를 이용한 멀티캐스트 키 관리 기술을 제안하였다. 멀티캐스트 키 구조는 계층적 트리 방식을 적용하였으며, ID 기반 멀티캐스트 키 관리 기술을 제안하여 안전하고 효율적인 서비스를 제공할 수 있도록 하였다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.29 no.3C
• /
• pp.426-435
• /
• 2004

The DIAMETER protocol provides Authentication, Authorization, and Accounting (AAA) transactions across the Internet. SIP(Session Initiation Protocol) will be used for new types of signaling, such as instant messaging and application level mobility across networks. And SIP will be a major signaling protocol for next generation wireless networks. But the Digest authentication scheme is not using a secure method of user authentication in SIP, and it is vulnerable to man-in-the-middle attacks or dictionary attacks. This study focused on designing a SIP proxy for interworking with AAA server with respect to user authentication and security analysis. We compared and analyzed the security aspects of the scenarios and propose two proposals that a response which include the user address and password-based mutual authentication and key agreement protocol. It is claimed to be more secure against common attacks than current scenarios.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.2
• /
• pp.103-114
• /
• 2007

The existing handover authentication schemes have authentication delay and overhead of the authentication server since they have been separately studied handover authentication at the link layer and the network layer. This paper proposes a handover authentication scheme initiated by Mobile Node on FMIPv6 based mobile access networks. The main idea of the paper is to generate a session key at the mobile node side, and transfer it to the next Access Router through the authentication server. Also, the scheme has a hierarchical key management at access router. There are two advantages of the scheme. First, the generated session key can be utilized for protecting the binding update messages and also for access authentication. Second, hierarchical key management at the access router reduced the handover delay time. The security aspects on the against PFS, PBS, and DoS attack of proposed scheme are discussed.

• Journal of Korea Multimedia Society
• /
• v.13 no.2
• /
• pp.205-215
• /
• 2010

It is necessary to provide a fast and secure handover for seamless real-time multimedia services based on IEEE 802.11. In this paper, we propose FMIPv6 handoff protocol integrating L2/L3 layer based on IEEE 802.11 WLAN environment. In that, we propose a hierarchical key management scheme and authentication mechanism for protecting the handover signaling messages. The number of connections with AAA server is minimized for the fast handover. It is also compared and analyzed the handover cost with previous method.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.10a
• /
• pp.219-222
• /
• 2010

본 논문에서는 무선 네트워크 기술인 802.11의 보안책인 802.1x의 효율성에 대해 연구한다. 무선 네트워크는 1970년대 라디오 주파수를 사용하여 컴퓨터 통신 네트워크가 구축된 이후 눈부신 발전을 거듭하여 현재 학교나 카페 등에서 쉽게 무선 랜 존을 접할 수 있다. 하지만 최근 스마트폰이나 노트북 등 많은 portable 단말기의 사용자가 급속도로 증가 하면서 무선 랜 존의 수요가 크게 늘어가고 있다. 이렇게 무선 네트워크 구축이 활발히 되면 그와 동시에 증가하는 것이 보안 문제이다. 본 논문에서는 무선 AP와 Radius(AAA) 서버를 이용한 보안 시스템 구축 시 고려해야 할 요구조건과 유지관리를 위한 효율성을 연구하여 제한된 환경에서의 효과적인 보안 시스템을 설계를 위한 방안을 제시한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.11b
• /
• pp.1313-1316
• /
• 2003

최근에 공공장소에서의 보다 안정적이고 고속의 무선 인터넷 접속에 대한 욕구가 커지면서 무선랜에 대한 수요가 많아지고 있고, 유무선 사업자들은 무선랜 시장을 선점하기 위해서 서비스를 서두르고 있다. 이와 같은 무선랜환경에서 안전하게 사용자를 인증하고 서비스를 제공하기 위한 AAA 프로토콜로 Diameter Protocol 표준이 정의되었다. 이와 같은 Diameter base Protocol 표준의 관리를 위한 MIB 구조가 Diameter Base MIB에 정의되어 있다. 본 논문에서는 무선단말 사용자를 인증시켜 주고 무선랜서비스를 허가해주는 Diameter Server 를 관리하기 위한 관리 시스템을 위의 MIB 을 기준으로 해서 설계하고 구현하였다.

• Journal of Korea Society of Industrial Information Systems
• /
• v.17 no.7
• /
• pp.51-57
• /
• 2012

This paper proposes a group key design based on ECDH(Elliptic Curve Diffie Hellman) which guarantees secure V2V and V2I communication. The group key based on ECDH generates the VGK(Vehicular Group key) which is a group key between vehicles, the GGK(Global Group Key) which is a group key between vehicle groups, and the VRGK(Vehicular and RSU Group key) which is a group key between vehicle and RSUs with ECDH algorithm without an AAA server being used. As the VRGK encrypted with RGK(RSU Group Key) is transferred from the current RSU to the next RSU through a secure channel, a perfect forward secret security is provided. In addition, a Sybil attack is detected by checking whether the vehicular that transferred a message is a member of the group with a group key. And the transmission time of messages and the overhead of a server can be reduced because an unnecessary network traffic doesn't happen by means of the secure communication between groups.

• Journal of the Institute of Electronics Engineers of Korea TC
• /
• v.46 no.2
• /
• pp.81-88
• /
• 2009

This paper proposed a session key exchange and authentication scheme on non-interactive key distribution algorithm using a community member's ID in ubiquitous networks. In ubiquitous network environment, User's context-awareness information is collected and used to provide a context-awareness service for someone who need it. However, in ubiquitous network environment, this kind of the Context-awareness information could be abused by a malicious nodes. The proposed scheme using the community member ID provides a session key exchange and mutual authentication between community members, and supports secure data communication. Also, when exchanging the session key and authenticating each other, this scheme reduces communication overhead and authentication delay compared to the AAA server scheme.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.31 no.8B
• /
• pp.730-735
• /
• 2006

This paper proposes a media key distribution scheme for lawful interception in secured VoIP systems. A problem of the current US or EU standards for lawful interception is that they do not provide a mechanism for collecting keys used for encrypting media streams between two end points. In the proposed scheme, dual encryption was applied on the media keys using two shared secrets: one between the ISP AAA server and user agent, and the other between the TSP registrar and user agent. Only the lawful agency with court warrant can collect both keys from the service providers. This scheme can still provide a privacy by preventing the misusage of the keys by the service providers.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.3
• /
• pp.137-144
• /
• 2004

3GPP(3rd Generation Project Partnership)-WLAN(Wireless Local Area Network) interworking refers to the utilization of resources and access to services within the 3GPP system by the WLAN UE(User Equipment) and user respectively. The intent of 3GPP-WLAN Interworking is to extend 3GPP services and functionality to the WALN access environment. We propose an efficient mechanism for the setup of UE-initiated tunnels in 3GPP-WLAN interworking. The proposed mechanism is based on a secret key which is pre-distributed in the process of authentication and key agreement between UE and 3GPP AAA(Authentication, Authorization Accounting) server. Therefore it can avoid modular exponentiation and public key signature which need a large amount of computation in UE. Also the proposed scheme provides mutual authentication and session key establishment between UE and PDGW(Packet Data Gateway).